
Commercial ‘form grabbing’ rootkit spotted in the wild

Trust is vital. It’s also the cornerstone of the growth of e-commerce in general, largely thanks to the mass acceptance of a trusted model for processing financial data and personally identifiable information. For years, the acceptance and mass implementation of PKI (Public Key Infrastructure) has been a driving force behind a pseudo-secure B2C, B2B and B2G electronic marketplace, connecting the world’s economies in a 24/7/365 global ecosystem.

In this post, I’ll profile a recently advertised commercial ‘form grabbing’ rootkit that’s capable of ‘grabbing’ virtually any form of communication transmitted over SSL.

More details:

Sample screenshots of the DIY form grabbing rootkit in action:

Coded in C++ according to its author, it has Ring 3 rootkit functionality and currently supports Windows XP/Vista/7/8. The price? $75. Customers don’t get a DIY builder, but a bin file that’s individually crypted per customer. Surprisingly, customers will get the updates over email. Next to the built-in rootkit functionality, the ‘form grabbing’ rootkit also takes advantage of ‘Smart API hooking’, and only hooks the functions responsible for transmitting form-related data, making it extremely fast and efficient, according to its author.
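Because the rootkit runs in Ring 3 and hooks only the APIs that transmit form data, one check a defender can run against a browser or other process is to compare each network export’s prologue as stored on disk with its copy in memory and look for an inline hook that redirects outside the owning module. The code below is an added example, not from the post or the rootkit’s author; the module range, addresses, prologue bytes and the function name used in the sample run are constructed placeholders.

```python
import struct

# Constructed sample (not from the page): a hypothetical export inside a module
# mapped at 0x7C800000-0x7C900000 and an injected region at 0xAC0000 where a
# hook handler would live. All addresses are placeholders, not real values.
MODULE_LO, MODULE_HI = 0x7C800000, 0x7C900000
FUNC_VA = 0x7C801000
TARGET = 0x00AC0000

# mov edi,edi; push ebp; mov ebp,esp; sub esp,0x10 : a typical x86 prologue
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec83ec10")
# The same bytes after a 5-byte inline hook: jmp rel32 to TARGET, tail intact
HOOKED_PROLOGUE = b"\xe9" + struct.pack("<i", TARGET - (FUNC_VA + 5)) + CLEAN_PROLOGUE[5:]


def decode_hook(mem, func_va):
    """Return (kind, target) if the prologue starts with an unconditional
    transfer typical of a user-mode (Ring 3) inline hook, otherwise None."""
    if len(mem) >= 5 and mem[0] == 0xE9:                      # JMP rel32
        rel = struct.unpack_from("<i", mem, 1)[0]
        return ("jmp_rel32", (func_va + 5 + rel) & 0xFFFFFFFF)
    if len(mem) >= 6 and mem[:2] == b"\xff\x25":              # JMP [abs32] (32-bit)
        return ("jmp_indirect", struct.unpack_from("<I", mem, 2)[0])
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:   # PUSH imm32; RET
        return ("push_ret", struct.unpack_from("<I", mem, 1)[0])
    return None


def check_export(name, disk, mem, func_va, module_lo, module_hi):
    """Compare the on-disk prologue of an export with its in-memory copy.
    A mismatch that redirects execution outside the owning module is reported
    as a hook; any other mismatch is reported as 'patched' for manual review."""
    if disk == mem:
        return {"function": name, "hooked": False, "kind": None, "target": None}
    hook = decode_hook(mem, func_va)
    if hook is None:
        return {"function": name, "hooked": False, "kind": "patched", "target": None}
    kind, target = hook
    outside = not (module_lo <= target < module_hi)
    return {"function": name, "hooked": outside, "kind": kind, "target": target}


if __name__ == "__main__":
    # HttpSendRequestA is used only as an illustrative export name here.
    for label, mem in (("clean", CLEAN_PROLOGUE), ("hooked", HOOKED_PROLOGUE)):
        print(label, check_export("HttpSendRequestA", CLEAN_PROLOGUE, mem,
                                  FUNC_VA, MODULE_LO, MODULE_HI))
```

A jump that stays inside the module (for example a legitimate hot-patch stub) is deliberately not flagged, while a mismatch that is not a recognised jump is still surfaced as "patched" so it can be inspected.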

Customers would have to use Liberty Reserve, Western Union, Money Gram or PayPal in order to purchase it.

We’ll definitely be keeping an eye on the future development of this commercial rootkit.